[j-nsp] Monitor traffic

Julian Eccli je at juniper.net
Fri Jun 6 12:54:34 EDT 2003


> Note, in addition to this constraint, certain headers (L1, L2 
> and L3) are
> stripped from ingress packets before they are passed to the 
> RE, therefore,
> it is not possible to match on L3 headers (e.g. IP source address) for
> inbound packets :-(  monitor traffic interface <blah> running 
> on a Juniper
> has lots of constraints compared to tcpdump -i <blah> on a unix box.
> 

L3 info is always included in the JUNOS CLI output.

You can do a 'tcpdump -w' from the shell and save the file in raw format and read it later with your favorite libcap program.

As Josef pointed out, L2 pseudo headers will be added back in the saved raw file.  You can then read the file from the shell with 'tcpdump -r'.

Note:  Shell commands are not officially supported.


-Julian



More information about the juniper-nsp mailing list